move shiniji wireguard secretes to only shinji host (refactor hosts)

1 files changed, 39 insertions, 0 deletions

diff --git a/hosts/shinji/wireguard.nix b/hosts/shinji/wireguard.nix
new file mode 100644
index 0000000..13669b3
--- /dev/null
+++ b/hosts/shinji/wireguard.nix
@@ -0,0 +1,39 @@
+{
+  config,
+  pkgs,
+  ...
+}: {
+  environment.systemPackages = with pkgs; [
+    wireguard-tools
+  ];
+
+  networking.wg-quick.interfaces = {
+    freyanet = {
+      address = ["10.2.0.2/32" "fd:cafe:dead:bee::2/128" "fe80::2/128"];
+      dns = ["10.3.0.138"];
+      privateKeyFile = config.sops.secrets.freyanetWg.path;
+
+      peers = [
+        {
+          publicKey = "x0ykwakpYCvI/pG+nR83lNUyeOE9m54thnX3bvZ+FUk=";
+          allowedIPs = ["10.0.0.0/14" "fd:cafe::/32"];
+          endpoint = "cid.freya.cat:3000";
+          persistentKeepalive = 25;
+        }
+      ];
+    };
+
+    #tinternet = {
+    #  address = [ "69.0.0.2/32" "cafe::2/128" "fe80::2/128" ];
+    #  dns = [ "1.1.1.1" ];
+    #  privateKeyFile = config.sops.secrets.tinternetWg.path;
+
+    #  peers = [{
+    #    publicKey = "8Ice49Yc7N75OYJW59ohDbfUjgrkwIuGWKWocJQGgzI=";
+    #    allowedIPs = [ "0.0.0.0/0" "::/0" ];
+    #    endpoint = "freya.cat:51282";
+    #    persistentKeepalive = 25;
+    #  }];
+    #};
+  };
+}